
SonarQube - Static Tool to Analyse and Inspect Code Quality


Take a look at this quick introduction to SonarQube, demonstrating how to set up SonarQube and display metrics using dashboards.


There are many tools in the testing world that find bugs and analyze code by running or executing the program. Such tools are called dynamic testing tools. Only a few static testing tools analyze code and produce reports without any execution. Here we look at one such tool, SonarQube: what it is and how to do code inspection in a Maven project.

SonarQube

It is an open-source tool used for continuous inspection of code quality. It helps in finding out bugs, code smells, code coverage, and security vulnerabilities. It provides detailed reports on coding standards, unit tests, code coverage, bugs, and security vulnerabilities. 

It supports all major programming languages like Java, Python, Ruby, etc. All supported languages are listed here.

SonarQube with Maven

Let's dive directly into the analysis steps in a Java + Maven project.

Pre-requisites

  • Docker
  • Java
  • Maven

Take a Docker Pull

SonarQube is available as a Docker image. All we need to do is pull the image and start the server locally. Follow the steps below to start the server.



The server runs on port 9000, so it is mandatory to start the server on that port. Now check the SonarQube dashboard here. Wait until you see this screen.

That's it. We are all set to use SonarQube in our project.

Run Scanner

After building your project, run the command below.

mvn sonar:sonar



Upon a successful build, you will see these logs. As shown in the logs, click the report link to analyze the reports.
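The whole procedure above (pull, start, wait for the server, scan) as one script. This is an added example, not code from the original article. The container name, the `SONAR_URL` and `SONAR_TOKEN` variables, the helper function names, the loopback-only port binding and the use of the server's `/api/system/status` endpoint as the readiness check are assumptions.

```shell
#!/usr/bin/env bash
# Added example: start SonarQube in Docker, wait until it is ready, then scan.
# Assumptions: official "sonarqube" image, container name "sonarqube",
# and the server's /api/system/status endpoint for the readiness check.
set -u

SONAR_URL="${SONAR_URL:-http://localhost:9000}"

# Extract the "status" field from the JSON that /api/system/status returns.
parse_status() {
  printf '%s' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Map a server status to an action: 0 = ready, 1 = keep waiting, 2 = give up.
status_action() {
  case "$1" in
    UP) return 0 ;;
    ""|STARTING|DB_MIGRATION_RUNNING|RESTARTING) return 1 ;;
    *) return 2 ;;   # DOWN, DB_MIGRATION_NEEDED, or anything unexpected
  esac
}

wait_for_sonar() {
  local tries="${1:-60}" body status rc
  while [ "$tries" -gt 0 ]; do
    body="$(curl -fsS "$SONAR_URL/api/system/status" 2>/dev/null || true)"
    status="$(parse_status "$body")"
    rc=0; status_action "$status" || rc=$?
    [ "$rc" -eq 0 ] && return 0
    [ "$rc" -eq 2 ] && { echo "SonarQube status: $status" >&2; return 1; }
    tries=$((tries - 1)); sleep 5
  done
  echo "SonarQube did not become ready" >&2; return 1
}

main() {
  docker pull sonarqube
  # Publish on loopback only: a fresh instance still has default admin credentials.
  docker run -d --name sonarqube -p 127.0.0.1:9000:9000 sonarqube
  wait_for_sonar 60 || exit 1
  # Newer servers need a token (sonar.token); older ones use sonar.login.
  mvn sonar:sonar -Dsonar.host.url="$SONAR_URL" ${SONAR_TOKEN:+-Dsonar.token="$SONAR_TOKEN"}
}

# Run the whole procedure only when asked, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then main; fi
```

Save it in the project root and run it with `--run`; without that argument it only defines the functions.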

Report analysis

Analysis Reports

Bugs, vulnerabilities, code coverage, and security issues are in the dashboard. You can see a detailed report under the issues tab and measures tab.

Overall Code


Issues dashboard

Security Rating


Thanks for reading!! You can find a sample project here.
